[Samba] Searching samba ldap without authentication

[Jean-François Morcillo]

Le 02/02/2015 15:48, Rowland Penny a écrit :
> On 02/02/15 13:55, Jean-François Morcillo wrote
>
>> Ok, thank you I had seen how to create users, but I missed how to modify
>> properties, I'm gonna check this.
>> Anyway, any idea why the python script tries to connect to the remote
>> AD, while the command line tool only connect to the local AD?
>
> Probably because you are connecting via ldapi, try the ldb-tools
> instead, you can search on the DC without a password, adding or
> modifying requires a password. You may be duplicating the work done on
> samba-tool, I would suggest that you investigate this python tool
> before you go much further, no point in re-inventing the wheel, is
> there :-)
>

Sure reinventing the wheel is a non sense, it was not my choice. I'll
have a deeper look into samba-tool.
Just for information, here is how to make the script work correctly:

import ldap
LDAP_URI = "ldapi://%2fvar%2flib%2fsamba%2fprivate%2fldap_priv%2fldapi"

l = ldap.initialize(LDAP_URI, trace_level=1)

***********l.set_option(ldap.OPT_REFERRALS, 0)*

entries = l.search_s('dc=mon,dc=dom', ldap.SCOPE_SUBTREE)
print(entries)




>
>
>> You're right :)
>> Let say we were late in this area and hope to be up to date very soon.
>
> I hope so, 3.6 is about to EOL when 4.2 comes out.
We are currently providing version 4.1.14 :)

>
>
>> Ok, thank you, I'm sorry for the confusion introduced by the old-school
>> names, it was the only way for me to express the small difference
>> between the machines.
>>
>
> I understand what you mean, but it is better to get into the habit of
> just referring to them as DC's as samba4 can still be setup as an NT4
> PDC. As far as I know, there is no microsoft obsolete policy on samba,
> things are only removed when nobody is using them or are no longer
> required.
Thank you, i'll be more precise next time :)

>
> Rowland
>
>
>


-- 
- no title specified
Jean-François